Information Security Specialists Learn to Handle Hackers
When the school bells ring for the first time this fall, one of them will be calling students—especially government employees—to explore cyber operations from a whole new vantage point. A brainchild of industry, the Art of Exploitation (AoE) University will feature a curriculum rich with hands-on computer penetration training, red teaming, vulnerability analysis, exploitation and forensic analysis.
The concept of teaching courses in information security is not new. Many organizations offer them piecemeal. These improve information systems personnel understanding of specific vulnerabilities, but not necessarily their ability to see a full-threat picture. In fact, even TeleCommunication Systems Incorporated (TCS) has been offering courses individually at its training center in
According to Andre Gudger, senior vice president, TCS, the idea for a university that focuses on cyber exploitation began four years ago. At that point, TCS developed specific courses addressing the issues information security professionals and industry were facing. Jeremy Willingham, senior cyber instructor, TCS, explains that the original course materials were delivered during a two-week boot camp where students studied in more than 40 hands-on projects in laboratories that were followed by comprehensive practical exercises.
TCS soon realized that it could fill a training gap that existed in government agencies. While government agency personnel were installing a variety of information security software and hardware, little comprehensive training was being offered to them in this arena. In addition, courses were being taught in a briefing style with the subject matter expert standing at a lectern delivering a lecture, which is not the best way to learn, Gudger says.
To remedy this problem, TCS developed an all-encompassing curriculum that not only addresses cyberthreats but also brings together cybersecurity subject matter experts in a think tank environment. The new facility will be considered a "Cyber Center of Excellence" and a research and development facility that focuses on supporting cybersecurity professionals. At the
From the government's standpoint, the university offers an opportunity for agency personnel to study in an enhanced, blended learning environment that includes both hands-on and instructor-led course work. Gudger explains that TCS is developing at least four courses specifically aimed at the information security issues that government information security personnel face. Some of these courses will be classified, others will not.
Individuals with specific mission experience will teach the classes to ensure that the teachers can relate directly to the problems their students face every day. In addition, all courses within the curriculum will feature information security technology tools that the students will use in the future in their organizations.
Willingham reveals that some students who are taking or have taken TCS individual computer network operations courses work for the U.S. Defense Department. Although he will not say which agencies within the department have sent personnel through this training, he allows that they include "anyone who you can imagine in the intelligence agencies."
Gudger explains that one of the reasons the